Juniper's bug hunters fire out eight patches

Junos OS has been put through the wringer since that nasty backdoor scandal

Juniper has fired off fixes for eight security vulnerabilities.

The company has been running Junos OS through the security mill since late last year, when its now-notorious backdoor hit the headlines.

Junos OS systems running either generic routing encapsulation (GRE) or IP-in-IP (IPIP) tunnels are vulnerable to a kernel crash triggered by a crafted ICMP packet.

The resulting denial of service attack, CVE-2016-1277, is rated high, and present in a bunch of Junos OS revisions – three in the version 12.1 series, 13.3R9, three version 14 flavours, three version 15 flavours, and all subsequent to 15.1X49-D40. Absent the patch, users can filter out untrusted ICMP traffic.

The second Junos OS fix is restricted to version 13.1 or 14.1 platforms running VPLS: in CVE-2016-1275 the company describes an mbuf leak if an attacker floods IPv6 MAC addresses over VPLS instances.

In its CVE-2016-1279 advisory Juniper says the J-Web config interface has an information leak that could give unauthenticated remote users admin access to the system.

Juniper has also rolled out a fix to a FreeBSD libc issue (CVE-2009-1436); and another for a kernel crash bug on 64-bit Junos OS systems (CVE-2016-1263).

Bear up, we're nearly done.

In CVE-2016-1278, an upgrade to some SRX series devices can be crashed, leaving the administration interface at root.

“Using the 'request system software' command with the 'partition' option on an SRX Series device upgrading to Junos OS 12.1X46 can leave the system in a state where root CLI login is allowed without a password due to the system reverting to a 'safe mode' authentication triggered by the failed upgrade.”

The relevant Junos OS release has been patched.

Finally, there's CVE-2016-1276, a DoS-able bug in high-end SRX devices running application layer gateway function. ®


Biting the hand that feeds IT © 1998–2017